MEDIUM Severity
CVE-2025-48174
Integer and buffer overflow in libavif before 1.3.0
Overview
In libavif before 1.3.0, an integer overflow and resultant buffer overflow were identified in the file "stream.c". This can lead to potential security compromises.
Technical Details
The vulnerability is in the makeRoom function in stream.c, where an integer overflow at stream->offset + size leads to a buffer overflow that can potentially be exploited.
CVSS Metrics
- attack_vector: LOCAL
- attack_complexity: HIGH
- privilegesRequired: NONE
- userInteraction: NONE
- scope: CHANGED
- confidentialityImpact: NONE
- integrityImpact: LOW
- availabilityImpact: LOW
Impact
An attacker can potentially exploit this buffer overflow to gain unauthorized access or compromise the integrity of the system.
Recommendations
It is recommended to update libavif to version 1.3.0 or later. Also, apply appropriate input validation checks on buffers to ensure overflows do not occur.
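The kind of check the Technical Details and Recommendations sections point at, as an added C example that is not libavif's code: WStream, needed_unchecked, make_room_checked and stream_write are hypothetical names modelling a growable write buffer whose required size is offset + size.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical growable write buffer (constructed for this example). */
typedef struct {
    uint8_t *data;
    size_t size;   /* bytes allocated */
    size_t offset; /* next write position */
} WStream;

/* Unchecked sum: wraps past SIZE_MAX, so a huge request looks small. */
size_t needed_unchecked(const WStream *s, size_t size) { return s->offset + size; }

/* Checked growth: returns 1 if `size` more bytes fit, 0 on failure. */
int make_room_checked(WStream *s, size_t size)
{
    if (size > SIZE_MAX - s->offset)
        return 0; /* offset + size would overflow */
    size_t needed = s->offset + size;
    if (needed <= s->size)
        return 1;
    size_t newSize = s->size ? s->size : 64;
    while (newSize < needed)
        newSize = (newSize > SIZE_MAX / 2) ? needed : newSize * 2;
    uint8_t *p = realloc(s->data, newSize);
    if (!p)
        return 0; /* old buffer stays valid */
    s->data = p;
    s->size = newSize;
    return 1;
}

/* Copy only after the checked growth has succeeded. */
int stream_write(WStream *s, const void *src, size_t size)
{
    if (!make_room_checked(s, size))
        return 0;
    memcpy(s->data + s->offset, src, size);
    s->offset += size;
    return 1;
}

int main(void)
{
    WStream s = {0};
    int ok = stream_write(&s, "avif", 4) && !make_room_checked(&s, SIZE_MAX);
    free(s.data);
    return ok ? 0 : 1;
}
```

With the unchecked sum, a wrapped result compares as smaller than the allocated size, so no growth happens and the following copy runs past the buffer; the checked form rejects the request before the addition.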
Threat Metrics
- cvss_score: 4.5
- severity: MEDIUM
- attack_vector: LOCAL
- attack_complexity: HIGH